The virus, a self-replicating program or worm called The Moon, takes control of the router and then uses it to scan for other vulnerable systems.

So far, wrote ISC researcher Johannes Ullrich, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines, he said in a blog post. Currently, he added, all the worm was doing was spreading to other Linksys routers.

Benevolent hacking

In a statement, Linksys said it was aware of the Moon malware and said it took hold on hardware only if a Remote Management Access feature was turned on. Turning the router off and disabling the remote management system should clear out the worm, it added.

Linksys has also published technical advice about how to update the core software for vulnerable routers and how to turn off the remote management feature.

Earlier this month, many users of Asus routers who remotely connect via the gadget to hard drives in their homes, perhaps to watch DVDs they have ripped, found that someone had used the same feature to upload a text file urging them to do more to make the device safe.

A separate study by security firm Tripwire has found that 80% of the 25 best-selling routers available on Amazon are vulnerable to compromise.

Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.

The past 12 months have seen a flurry of interest in routers by security researchers keen to find bugs and loopholes. One project detailing their findings now lists hundreds of exploits for routers from 36 separate manufacturers.

"In recent years, the computing power of the average home router has increased substantially to support features like streaming media and file or print sharing," said Mr Young. "These additional features offer new attack surface while the additional computing power creates new possibilities for what an attacker can do with a compromised device."